quasar | 285e04c2bb8bd46ab0ba229bb888f386c8fba38be6ab038e8f80929ff207206a | Triage

Submit
Reports

Overview

overview

Static

static

0972bb0ba1...0d.exe

windows7-x64

0972bb0ba1...0d.exe

windows10-2004-x64

Sharing

General

Target

24e7acb706dffb37b3e682424719f5ab.bin
Size

1.2MB
Sample

240422-bhh3tsdd44
MD5

881ec1737c2e73fdaf6eccf181e8be7b
SHA1

cc1a2d5bfaba9859a350f7dbe6849763468ff579
SHA256

285e04c2bb8bd46ab0ba229bb888f386c8fba38be6ab038e8f80929ff207206a
SHA512

eb289fc238d2539cbd11bb511a1a1e51b0c3d24160dd4c1ecdf84976a62aa16341cb4b28ce8709f439ed2db49fec24a8c7fe4ca43a128f2f035aac6098cead0e
SSDEEP

24576:XVDZ13c69hQJHFsPbwToAJB0P9sHujykKnv/muRz/fMa9RN8idM2ZS9:FlJ9hAHFYsr0P9WGyk6vxffIfYS9

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

0972bb0ba1caff7adc92bb35f645b5e0d825fa74fb1b76ff822dce8c200ab30d.exe

Resource

win7-20240215-en

quasar office04 spyware trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0972bb0ba1caff7adc92bb35f645b5e0d825fa74fb1b76ff822dce8c200ab30d.exe

Resource

win10v2004-20240412-en

quasar office04 spyware trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

Kneegrowless-33547.portmap.host:33547

Mutex

10674f25-f575-4b14-92cf-06a7073df875

Attributes

encryption_key
E5427EE2BE27EB8DFAE76384CABC8A5EBB33EB00
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  0972bb0ba1caff7adc92bb35f645b5e0d825fa74fb1b76ff822dce8c200ab30d.exe
- Size
  
  3.1MB
- MD5
  
  24e7acb706dffb37b3e682424719f5ab
- SHA1
  
  5d4864f3acb3076ee4005990114a4a1f2520d456
- SHA256
  
  0972bb0ba1caff7adc92bb35f645b5e0d825fa74fb1b76ff822dce8c200ab30d
- SHA512
  
  3d4b62d8a2c725f288277a0021c5dc46600e71b20fcdc660fdb00e0d37ff0a0114b7571d331fd85f989da74ef2dbf57add61b90085ff94cf53f5d07fea215c50
- SSDEEP
  
  49152:HvilL26AaNeWgPhlmVqvMQ7XSKE6kjn+DixoGgBoTHHB72eh2NT:HvaL26AaNeWgPhlmVqkQ7XSKExn+DS
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy